As per subject are there any plans to make the PPPOE process use multiple cores ? The ibg driver it self is using multiple cpu cores, but PPPoE is only single threaded. Or is it better to use a modem -> router then pfSense ? Not really, because of double NAT. Currently I'm using modem -> pfSense PPPOE Stay with it.

I am a little bit further. Just enabling spanning tree portfast did the trick as far as the switches concerned. I could enable both interfaces without killing my switched network. I am now migrating the vlans to the LACP interface. I think I have 2 options: Create new tagged vlan, assign interface and re-tag on all devices with the vlan tag (with this option I need to change the vlan tag on several devices) or…. Create new tagged vlan, delete interface, delete vlan, change vlan tag on newly created vlan to old one, and assign interface, but then I need to re-configure all the firewall rules and the interface, dhcp etc again. I have one vlan which I would not like to re-tag on al my hypervisors etc. But I also would not like to create all firewall rules etc all over again. What is the smartest way to migrate a vlan, with a lot of rules to the new LAGG interface, without changing the vlan id? Thanks, Mark

It does what it says, on a normal functioning system. It should allow any user with the proper access to login. If the admin account is enabled, that should be able to login as expected, provided the correct password was entered. Other users could login as well so long as they have a privilege granting them shell access.

Well that's embarrassing, it's working all of a sudden… Thanks for the help.

Um, yeah you need VLANs if you can't physically moved the different bits of equipment. Potentially your WAPs might be able to tag traffic directly and your unmanaged switches might pass that tagged traffic which would allow you to isolate that traffic to pfSense. But that still leaves WAN and LAN in the same layer 2 which is all wrong! Steve

It's not the hardware. I have Pentium processor (Skylake family) on a B150 chipset and 3 Intel NIC cards. But your advice in checking to see if some limiter was running was the cause. I don't ever recall setting a limiter up, but I might have inadvertently set one up playing with the settings. Anyway I deleted the limiter in pfSense and now I am getting 150+ Mbps. Last test was 197 Mbps!  ;D Thanks for your suggestion marvosa!

Update.  I have replaced the NIC and all is good again, it was caused by some failed hardware.  Anyways I had to replace it with another realtek because my little box is so small I need super low profile card and I could not find an intel one that was small enough, anyways it I will know what to replace if this happens again.  Thanks for all the help!

Bah, look at the turn this has already taken. We started with a flawed design and lack of information, so taking the OP down rabbit holes at the beginning (which he may or may not even understand) will just get messy, confuse everyone and triple (if not quadruple) the length of this thread. Why go there?  Why not address the flawed design to start with?  You know very well he shouldn't be using VLAN 1 for data, we don't know if his LAN interface is addressed, no network map was provided so we don't' know how things are connected, we don't know what default GW is being used, we don't know if the connection to the switch is trunked, we don't know if the switch is even managed, etc, etc. OP, IMO you should address your design before we go any further or it will add several days (if not weeks) to this thread.

@bobsuruncle: ah yes, good idea.  what's the best way to swap it without re-configuring everything? Download and edit manually your config.xml is the best way, I think. Always use saved copy for backup! Search for interfaces, ex em0 and em1 and swap them everywhere (match whole word only). For my setup it counts only 1 match for every interface assigned. After editing double check everything and restore your edited config on firewall using gui. The other way is just to reassign it via console menu or even gui, but I did not try this way and it could be complicated as you need to re-plug your cables on the fly may be.

If this isent possible, then its ok, but i hope that it works anyone?

Noone?

Check the firewall interfaces for possible stale rules left behind. Also I noticed some things do not work/get applied properly until you do a reboot.

HI Swoody, i have the same issue, did you manage to find a solution? Vuko

I have been using Pfsense for years to protect VoIp. Nothing beats this with Pf8Blocker. I have never had a NAT issue due to PFS since 2.x earlier version did have issue that needed some tunables etc..

Hello, I figured out the speed issue. The tunable for flow control does not load when placed in /boot/loader.conf.local I used cli to do the following "sysctl dev.ix.0.fc=0" the command prompt in GUI works as well by entering the same string. Now if I could only get the DOM readout I will be a happy person.